A new Facebook data breach caused by malicious browser extensions put the private data of almost 81,000 users up for sale, reports BBC News

Throughout this year, we saw many data breaches and security issues involving Facebook. Adding to this list, last week, some hackers were able to gain access to 120 million accounts and published private posts of Facebook users. As reported by BBC News, the hackers also posted an advert selling access to these compromised accounts for 10 cents per account.

What was this Facebook hack about?

This data breach seems to be different from the ones we saw previously. While the previous attacks took advantage of vulnerabilities in Facebook’s code, this breach happened due to malicious extensions. It was first spotted in September, when a user with the nickname “FBSaler” appeared on an English-language internet forum. This user was selling personal information of Facebook users:

The BBC contacted Digital Shadows, a cyber-security company, to investigate the case. The company confirmed that more than 81,000 of the profiles posted online contained private messages.

Data from 176,000 accounts was also made available online, but the BBC added that this data may have been scraped from members who had not hidden it. To confirm that these private posts and messages actually belonged to real users, the BBC also contacted five Russian Facebook users. These users confirmed that the posts were theirs.

Who exactly is responsible for this hack?

Going by Facebook’s statement to the BBC, this hack happened because of malicious browser extensions. The malicious extension tracked victims’ activity on Facebook and shared their personal details and private conversations with the hackers. Facebook has not yet disclosed any information about the extension. One of Facebook’s executives, Guy Rosen, told the BBC:

“We have contacted browser-makers to ensure that known malicious extensions are no longer available to download in their stores. We have also contacted law enforcement and have worked with local authorities to remove the website that displayed information from Facebook accounts.”

On deeper investigation by BBC News, one of the websites where the data was published appeared to have been set up in St Petersburg. In addition to the website being taken down, its IP address has been flagged by the Cybercrime Tracker service. According to the service, this address was also used to spread the LokiBot Trojan. This trojan allows attackers to gain access to user passwords.

Cyber experts told BBC that if malicious extensions were the root cause of this data breach, then browsers are also responsible for it:

“Independent cyber-experts have told the BBC that if rogue extensions were indeed the cause, the browsers’ developers might share some responsibility for failing to vet the programs, assuming they were distributed via their marketplaces.”